Configuring Mobile Controller clusters
You can create a cluster or join an existing cluster of two or more Mobile Controllers on the Cluster page. You can also configure clusters to aggregate statistics across cluster members on the Cluster page. For more information, see Viewing reports for endpoints.
Mobile Controller clusters simplify the process of configuring Mobile Controllers for large deployments or high-availability deployments with multiple Mobile Controllers. You can join two or more Mobile Controllers to provide a pool for available licenses. The entire pool of available licenses remains available to the SteelHead Mobile clients, even if one Mobile Controller uses all its installed licenses or one Mobile Controller fails. The SteelHead Mobile clients can connect to any Mobile Controller in a cluster and have the same configuration and administrative experience.
Clusters provide the SteelHead Mobile clients with the same experience regardless of the Mobile Controller to which they connect by synchronizing the policies and other configuration settings across a set of member Mobile Controllers. You can configure cluster-wide settings on any cluster member and these settings propagate across the cluster. However, node-specific settings must be configured locally on each Mobile Controller in the cluster.
Peering certificates can be clustered, but the Signing CA and other settings under SSL are node-specific. Other node-specific settings include the Mobile Controller hostname and IP address.
Clustered Mobile Controllers pool their licenses, making the set of all base licenses available even if one or more Mobile Controllers in the cluster are not available. Although licenses are pooled between all cluster members, you must install base licenses on each Mobile Controller.
The Mobile Controller connects to a cluster in steps. First, it sends a request to join the cluster to any existing cluster member. If the request is accepted, it begins the process of joining the cluster. The settings of the joining Mobile Controller are deleted during the joining process, and the joining Mobile Controller synchronizes its configuration with that of the cluster. When the connection process finishes and synchronization is complete, the Mobile Controller is a cluster member.
For clusters with more than three nodes, we recommend that you don’t use Virtual Mobile Controllers with a /data partition smaller than 2 GB.
Prerequisites
Before you can add a Mobile Controller to a cluster, you must complete these prerequisites:
Have a valid IP address for the Mobile Controller.
Know the fully qualified domain name (FQDN) of the Mobile Controller.
Be able to connect to the other cluster members.
Have the same set of base licenses installed on all cluster members: for example CIFS, MAPI, SSL, and so forth. For details on managing Mobile Controller licenses, see Managing licenses.
Ensure that SSL trust can be established between all Mobile Controllers in the cluster. Generally, this trust is established by sharing the Signing CA certificate of cluster members. Prior to joining the cluster, you can export the existing signing CA, including the private key for the Mobile Controller. For details on exporting signing CAs, see To export an existing certificate.
Import the signing CA and private key of the other cluster members to the Mobile Controller. Prior to joining the cluster, you must replace (import) the existing signing CA, including the private key, for the Mobile Controllers in the cluster (One File in PEM or PKCS12 formats). For details on replacing (importing) existing signing CAs, see To replace a Mobile Controller signing CA.
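A preflight comparison of two of the prerequisites above (matching base licenses and a shared signing CA), as an added example that is not Riverbed code. It assumes you have recorded each controller's base licenses by hand and exported each signing CA as one PEM file; the inventory layout, host names and function names are hypothetical, and the PEM bodies are constructed placeholder bytes rather than real certificates.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def inspect_bundle(pem_text):
    """Return (SHA-256 fingerprints of certificates, labels of private-key blocks)."""
    certs, keys = [], []
    for label, body in PEM_BLOCK.findall(pem_text):
        if label == "CERTIFICATE":
            der = base64.b64decode("".join(body.split()))
            certs.append(hashlib.sha256(der).hexdigest())
        elif label.endswith("PRIVATE KEY"):
            keys.append(label)
    return certs, keys

def preflight(members):
    """Return findings; an empty list means the checked prerequisites hold."""
    findings = []
    wanted = frozenset().union(*(m["licenses"] for m in members.values()))
    fingerprints = set()
    for name, m in sorted(members.items()):
        missing = sorted(wanted - set(m["licenses"]))
        if missing:
            findings.append(f"{name}: missing base licenses {missing}")
        certs, keys = inspect_bundle(m["signing_ca_pem"])
        if len(certs) != 1:
            findings.append(f"{name}: expected 1 certificate, found {len(certs)}")
            continue
        if not keys:
            findings.append(f"{name}: signing CA file has no private key block")
        fingerprints.add(certs[0])
    if len(fingerprints) > 1:
        findings.append(f"signing CA differs: {len(fingerprints)} distinct fingerprints")
    return findings

def make_pem(label, raw):
    # Constructed placeholder bytes, not a real certificate or key.
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

CA_A = make_pem("CERTIFICATE", b"constructed-ca-A") + make_pem("PRIVATE KEY", b"constructed-key-A")
CA_B = make_pem("CERTIFICATE", b"constructed-ca-B") + make_pem("PRIVATE KEY", b"constructed-key-B")
SAMPLE = {  # hypothetical inventory, collected by hand
    "smc-1": {"licenses": ["CIFS", "MAPI", "SSL"], "signing_ca_pem": CA_A},
    "smc-2": {"licenses": ["CIFS", "MAPI", "SSL"], "signing_ca_pem": CA_A},
    "smc-3": {"licenses": ["CIFS", "MAPI"], "signing_ca_pem": CA_B},
}
print("\n".join(preflight(SAMPLE)))
```

The exported file contains the signing CA private key, so keep working copies access-restricted and delete them once the check is done.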
Configuration settings in your clusters
After you join a cluster, the configuration settings on your Mobile Controller are replaced by those shared in the cluster. When you change those settings on your Mobile Controller, those changes are made to the configuration of each Mobile Controller in the cluster. This table lists the features that are shared by each Mobile Controller in the cluster.
Feature - Description
Policies - All policy settings propagate throughout the cluster.
Packages - Packages created on any member Mobile Controller are available to all clients and Mobile Controllers in the cluster.
Assignments and Group Settings - All group assignments and settings propagate throughout the cluster.
Adapter List - List of available interfaces.
Endpoint Reports - The Endpoint reports for any cluster member show all endpoints connected to the cluster. You can also enable aggregated statistics across cluster members on the Cluster page. For details, see To enable aggregated statistics across cluster members.
License Pooling - Base licenses must be installed on each Mobile Controller in the cluster. Cluster members share licenses.
Peering Certificates - Establishes a trust relationship for the SSL peering certificates of all Mobile Controllers in the cluster.
Port Labels - Port labels created on any member Mobile Controller are available to all clients and Mobile Controllers in the cluster.
Monitored Ports - Monitored port configuration settings made on any member Mobile Controller are applied to all clients and Mobile Controllers in the cluster.
To join a cluster
1. Choose Manage > Cluster: Cluster Settings to display the Cluster page.
2. Specify, in the Host name text box, the IP address or hostname of any Mobile Controller that is a cluster member.
3. Optionally, specify a port number.
4. Click Attach to join the cluster.
After your Mobile Controller has joined the cluster, the Attach button becomes the Detach button. To leave a cluster, click Detach. You can remove any Mobile Controller in the cluster from any cluster member.
To enable aggregated statistics across cluster members
Under Aggregated Statistics Settings, select the check box and click Apply.
Time-series data aggregated across the entire cluster are applied to the Desktop Traffic, Desktop Bandwidth, SSL, Branch Warming, and Endpoint History reports. A message appears at the bottom of the report stating whether the data was successfully retrieved from all cluster members. For more information on endpoint reports, see Viewing reports for endpoints.
To remove a Mobile Controller from the cluster
1. Select the check box next to any cluster member listed under Controllers in the cluster.
2. Click Remove from cluster.
You can check the status of any cluster member in the Status column. The possible values for the Status column are defined in this table.
Status - Description
Joining - The Mobile Controller is joining a cluster member.
Connecting - The Mobile Controller is connecting to a cluster member.
Connected, Syncing - The Mobile Controller is connected to a cluster member and is configuring its settings to match the cluster’s settings.
Connected, Synced - The Mobile Controller is connected to a cluster member and has finished changing its settings to match the cluster’s settings.
Disconnected - The Mobile Controller can’t connect with the specified cluster member.
Disconnected, Denied - The cluster member is actively denying connections to the local Mobile Controller.
Troubleshooting cluster connections
These situations can cause your Mobile Controller to become disconnected from the cluster:
The Mobile Controller that your Mobile Controller is connected to has become unreachable for some reason.
The trust settings on your Mobile Controller or the peer to which you’re connected have changed and no longer match. Check your SSL settings; see Basic steps for configuring SSL proxy support.
If your Mobile Controller is disconnected from the cluster, and attempts to reconnect are denied, detach and rejoin the cluster. For details, see Configuring Mobile Controller clusters.
Make sure that you have your logs configured at Error level. Cluster error messages appear at this level. For details on filtering log messages, see Viewing and downloading logs.
Troubleshooting Mobile Controller connectivity
These topologies can cause problems with Mobile Controller connectivity:
Firewalls between the endpoint and the Mobile Controller - To more easily manage the Mobile Controller, be sure to open the firewall to allow access to ports 22, 80, 443, and 7870. For more information about firewalls and firewall requirements, see the SteelCentral Controller for SteelHead Mobile Installation Guide.
Mixed mode clustering - In this topology, the Mobile Controllers use different versions of the software. Mixed mode clustering can occur when not all the Mobile Controllers are updated to the latest software release.
Making policy, configuration, and cluster changes in mixed mode can be challenging. Therefore, we recommend that all the Mobile Controllers be updated to the same version of the software.
For more information, see the Riverbed Knowledge Base for any known issues, how-to documents, system requirements, and common error messages. You can browse titles or search for keywords and strings. To access the Riverbed Knowledge Base, log in to the Riverbed Support site at https://support.riverbed.com.
License pooling
In Mobile Controller clusters, licenses for all members are shared and available to each cluster member.
Cluster members can check out licenses from the license pool in small batches and return them when no longer needed, such as when the SteelHead Mobile clients disconnect from the Mobile Controller or no longer require a license.
When the Mobile Controller fails, other members detect the failure and all licenses are returned to the free pool. The Mobile Controller checks out a new batch of licenses when it comes back up. Initially, by default, the Mobile Controller collects up to 100 licenses (if they are available), and then acquires more if needed. If no licenses are available when the Mobile Controller comes back online, it is not able to check out licenses until they are released from other Mobile Controllers.
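The failover behavior described above, as an added example that is not Riverbed code: a simplified model of the pool showing how a recovering controller can come back to an empty pool. The class, the on-demand checkout sizes and the license counts are assumptions made for illustration; only the initial batch of 100 comes from the text.

```python
class LicensePool:
    """Simplified model of cluster license pooling (assumed, not Riverbed's algorithm)."""
    INITIAL_BATCH = 100  # default initial checkout stated in the text

    def __init__(self, installed):
        # installed: {member: base licenses installed on it}; the pool is their sum
        # and stays the same size when a member is down.
        self.total = sum(installed.values())
        self.held = {member: 0 for member in installed}

    @property
    def free(self):
        return self.total - sum(self.held.values())

    def checkout(self, member, wanted):
        """Grant up to `wanted` licenses from the free pool; return the number granted."""
        granted = min(wanted, self.free)
        self.held[member] += granted
        return granted

    def release(self, member, count):
        """Return licenses that clients on `member` no longer need."""
        self.held[member] -= min(count, self.held[member])

    def fail(self, member):
        """Other members detect the failure; everything it held returns to the pool."""
        self.held[member] = 0

    def recover(self, member):
        """On coming back up, the member takes up to INITIAL_BATCH if available."""
        return self.checkout(member, self.INITIAL_BATCH)

def failover_scenario():
    pool = LicensePool({"smc-1": 140, "smc-2": 140})  # constructed sizes
    pool.checkout("smc-1", 140)
    pool.checkout("smc-2", 140)
    pool.fail("smc-1")                     # 140 licenses go back to the free pool
    moved = pool.checkout("smc-2", 140)    # smc-1's clients reconnect to smc-2
    first = pool.recover("smc-1")          # pool is empty: nothing to check out
    pool.release("smc-2", 120)             # clients disconnect from smc-2
    later = pool.checkout("smc-1", 100)    # licenses are available again
    return moved, first, later

print(failover_scenario())
```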